CN114492489B - NFC label verification system based on dynamic data - Google Patents

Publication number
CN114492489B
Authority
CN
China
Prior art keywords
data
verification
dynamic
uid
key
Legal status
Active
Application number
CN202210080207.9A
Other languages
Chinese (zh)
Other versions
CN114492489A (en)
Inventor
季有为
顾超然
Current Assignee
Xindian Zhilian Beijing Technology Co ltd
Original Assignee
Xindian Zhilian Beijing Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10257 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for protecting the interrogation against piracy attacks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073 Special arrangements for circuits, e.g. for protecting identification code in memory
    • G06K19/07309 Means for preventing undesired reading or writing from or onto record carriers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/018 Certifying business or products
    • G06Q30/0185 Product, service or business identity fraud

Abstract

The embodiment of the invention relates to an NFC tag verification system based on dynamic data, which comprises an NFC tag, NFC read-write equipment and a verification server. The NFC read-write equipment is connected with the NFC tag and with the verification server. The NFC read-write equipment is used for: sending a first verification instruction to the NFC tag; receiving the first dynamic verification data sent back; sending the first dynamic verification data to the verification server; receiving a first tag verification result sent back; and identifying the first tag verification result. If the verification result contains tag verification success information, the equipment displays that the tag verification passed and updates the counter value of the NFC tag according to the extracted synchronous counter data; if the verification result contains tag verification failure information, it displays that the tag verification failed. The NFC tag verification mechanism of the system can enhance the security of commodity authentication.

Description

NFC label verification system based on dynamic data
Technical Field
The invention relates to the technical field of data processing, in particular to an NFC tag verification system based on dynamic data.
Background
Establishing a counterfeit-checking system for legitimate tobacco commodities circulating in the market helps guard against counterfeit and shoddy goods. A common scheme today prints a two-dimensional code on the tobacco commodity and verifies authenticity by scanning that code. In practice this approach has a technical defect: copying a two-dimensional code requires essentially no technical skill, and once the code is copied, counterfeit and shoddy goods can pass as legitimate commodities and enter circulation channels.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a dynamic data-based NFC tag verification system, which comprises: a Near Field Communication (NFC) tag, NFC read-write equipment and a verification server. The system replaces the original two-dimensional code on the tobacco commodity with an NFC tag, which solves the problem that the two-dimensional code in the original scheme is easy to imitate, and the system's NFC tag verification mechanism enhances the security of commodity authentication.
To achieve the above object, an embodiment of the present invention provides an NFC tag verification system based on dynamic data, where the system includes: an NFC tag, NFC read-write equipment and a verification server;
the NFC read-write equipment is connected with the NFC label through a Near Field Communication (NFC) protocol and is connected with the verification server through a wireless or wired network; the NFC read-write equipment is used for sending a first verification instruction to the NFC tag; receiving first dynamic verification data sent back by the NFC label; sending the first dynamic verification data to the verification server; receiving a first label verification result sent back by the verification server; and identifying the first tag verification result; if the first tag verification result contains preset tag verification success information, displaying information that the tag verification passes, and updating a counter value of a first verification counter storage area of the NFC tag according to synchronous counter data extracted from the first tag verification result; and if the first label verification result contains preset label verification failure information, displaying the information of label verification failure.
Preferably, the local storage area of the NFC tag includes a UID storage area, a CID storage area, a key storage area, the first authentication counter storage area, and an NDEF storage area; the UID storage area, the CID storage area and the secret key storage area are read-only storage areas; the NDEF storage area comprises storage data with a data format of URL data format;
the NFC tag is used for generating random dynamic ID data to obtain corresponding first dynamic ID data when receiving the first verification instruction, and adding 1 to the counter value of the first verification counter storage area; reading the stored data of the UID storage area, the CID storage area, the key storage area and the first verification counter storage area to generate corresponding first UID data, first CID data, first key data and first counter data; reading a specified data source with a data format of URL data format in the NDEF storage area to generate corresponding first URL data; performing key dispersion processing on the first key data according to the first dynamic ID data and the first CID data to generate corresponding first dynamic key data; according to a preset first data assembly mode, carrying out data assembly on the first UID data and the first counter data to generate corresponding second UID data; encrypting the second UID data by using the first dynamic key data to generate corresponding first dynamic ciphertext data; and sending the first dynamic verification data consisting of the first dynamic ID data, the first dynamic ciphertext data and the first URL data back to the NFC read-write equipment.
Further, the NFC tag is specifically configured to perform data splicing processing on the first dynamic ID data and the first CID data according to a preset first process key splicing rule to generate corresponding first process key data when performing key dispersion processing on the first key data according to the first dynamic ID data and the first CID data; and encrypting the first key data according to a preset first encryption and decryption algorithm by using the first process key data to generate the first dynamic key data.
Further, the NFC tag is specifically configured to encrypt the second UID data by using the first dynamic key data according to a preset second encryption and decryption algorithm to generate the first dynamic ciphertext data when the second UID data is encrypted by using the first dynamic key data; the second encryption and decryption algorithm at least comprises a cryptographic SM7 algorithm.
Preferably, the verification server is configured to extract first dynamic ID data, first dynamic ciphertext data, and first URL data from the first dynamic verification data when receiving the first dynamic verification data; accessing the appointed anti-counterfeiting information server according to the first URL data to obtain corresponding second CID data and second key data; performing key dispersion processing on the second key data according to the first dynamic ID data and the second CID data to generate corresponding second dynamic key data; decrypting the first dynamic cipher text data by using the second dynamic key data to generate corresponding third UID data; performing data analysis on the third UID data according to a preset first data assembly mode to obtain corresponding fourth UID data and second counter data; performing comprehensive verification processing on the fourth UID data and the second counter data; if the comprehensive verification processing is successful, generating a new counter value in a local second verification counter storage area, extracting the new counter value as the synchronous counter data, and sending a first tag verification result consisting of the synchronous counter data and the tag verification success information to the NFC read-write equipment; and if the comprehensive verification processing fails, sending the first tag verification result consisting of the tag verification failure information to the NFC read-write equipment.
Further, the verification server is specifically configured to perform data splicing processing on the first dynamic ID data and the second CID data according to a preset first process key splicing rule to generate corresponding second process key data when performing key dispersion processing on the second key data according to the first dynamic ID data and the second CID data; and encrypting the second key data according to a preset first encryption and decryption algorithm by using the second process key data to generate second dynamic key data.
Further, the verification server is specifically configured to, when the second dynamic key data is used to decrypt the first dynamic ciphertext data, decrypt the first dynamic ciphertext data by using the second dynamic key data according to a preset second encryption and decryption algorithm to generate the third UID data; the second encryption and decryption algorithm at least comprises a cryptographic SM7 algorithm.
Further, the validation server is specifically configured to perform UID validity validation on the fourth UID data by using a UID database when performing comprehensive validation processing on the fourth UID data and the second counter data, where the UID validity validation is successful if the fourth UID data exists in the UID database, and the UID validity validation is failed if the fourth UID data does not exist in the UID database; if the UID validity verification fails, the comprehensive verification processing fails; if the UID validity verification is successful, reading the counter value in the second verification counter storage area to generate corresponding third counter data, if the third counter data is smaller than the second counter data, the comprehensive verification processing is successful, and if the third counter data is not smaller than the second counter data, the comprehensive verification processing is failed.
The embodiment of the invention provides an NFC label verification system based on dynamic data, which comprises: NFC label, NFC read-write equipment and authentication server. According to the system, the NFC label is used for replacing the original two-dimensional code on the tobacco commodity, so that the problem that the two-dimensional code in the original scheme is easy to imitate can be solved, and the safety of commodity counterfeit verification can be enhanced by utilizing an NFC label verification mechanism of the system.
Drawings
Fig. 1 is a schematic structural diagram of an NFC tag verification system based on dynamic data according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
Fig. 1 is a schematic structural diagram of an NFC tag verification system based on dynamic data according to an embodiment of the present invention. As shown in Fig. 1, the system includes: an NFC tag 11, an NFC read-write device 12 and an authentication server 13.
The NFC read-write device 12 is connected to the NFC tag 11 by a near field communication NFC protocol, and is connected to the authentication server 13 by a wireless or wired network.
The NFC tag 11 includes a first antenna, a first NFC communication component, a first master control chip, and a local storage area. The first antenna is used for receiving and transmitting data with the NFC read-write device 12; the first NFC communication component is used for parsing and packaging the received and transmitted data according to the NFC protocol; the first master control chip is used for executing the processing flow corresponding to the parsed application instruction. The local storage area comprises a UID storage area, a CID storage area, a key storage area, a first verification counter storage area and an NDEF storage area. The UID storage area, the CID storage area and the key storage area are read-only storage areas: the UID storage area stores the unique identification number (UID information) assigned by the chip manufacturer to each NFC tag 11, the CID storage area stores the unique identification number (CID information) assigned by the application manufacturer to each NFC tag 11, and the key storage area stores pre-installed key information. The data storage format of the NDEF storage area conforms to the NFC Data Exchange Format (NDEF), and the area includes stored data in Uniform Resource Locator (URL) format. The data in the first verification counter storage area is a counter value.
The NFC read-write device 12 includes a second antenna, a second NFC communication component, a third antenna, a wireless communication component, a wired communication component, a second master control chip, and a local storage area; the second antenna is used for receiving and transmitting data with the NFC tag 11; the second NFC communication component is used for analyzing and packaging NFC communication receiving and transmitting data according to an NFC protocol; the third antenna is used for accessing a set wireless communication network to complete data transceiving operation between the NFC read-write equipment 12 and the verification server 13; the wireless communication component is used for completing data analysis and packaging operation of data received and transmitted by a wireless communication network between the NFC read-write equipment 12 and the verification server 13 according to a set wireless communication protocol; the wired communication component is used for completing data analysis and packaging operations of wired network transceiving data between the NFC read-write equipment 12 and the verification server 13 according to a set wired communication protocol; the second main control chip is used for executing the processing flow corresponding to the analyzed application instruction; the local storage area is used for storing codes and data related to the local instruction processing process. The NFC reader 12 may be an independent NFC tag reader, or may be an NFC tag processing system with a local host module or a local server module.
The authentication server 13 may be an independent server, a server cluster composed of a plurality of servers, or a cloud service interface.
(I) NFC read-write equipment 12
The NFC read-write device 12 is configured to send a first verification instruction to the NFC tag 11; receiving first dynamic verification data sent back by the NFC tag 11; and sends the first dynamic authentication data to the authentication server 13; receiving a first tag verification result sent back by the verification server 13; identifying the first tag verification result; if the first tag verification result contains preset tag verification success information, performing information display processing that the tag verification passes, and updating the counter value of the first verification counter storage area of the NFC tag 11 according to synchronous counter data extracted from the first tag verification result; and if the first label verification result contains preset label verification failure information, performing information display processing of label verification failure.
(II) NFC tag 11
The NFC tag 11 is used for generating random dynamic ID data to obtain corresponding first dynamic ID data when receiving a first verification instruction, and adding 1 to the counter value in the first verification counter storage area; reading the stored data of the UID storage area, the CID storage area, the key storage area and the first verification counter storage area to generate corresponding first UID data, first CID data, first key data and first counter data; reading a specified data source with a data format of URL data format in the NDEF storage area to generate corresponding first URL data; performing key dispersion processing on the first key data according to the first dynamic ID data and the first CID data to generate corresponding first dynamic key data; according to a preset first data assembly mode, carrying out data assembly on the first UID data and the first counter data to generate corresponding second UID data; encrypting the second UID data by using the first dynamic key data to generate corresponding first dynamic ciphertext data; and sending back first dynamic verification data consisting of the first dynamic ID data, the first dynamic ciphertext data and the first URL data to the NFC read-write device 12.
Here, in the embodiment of the present invention, when the NFC tag application manufacturer issues each NFC tag 11, it stores in the NDEF storage area a piece of URL information corresponding to the current application batch number and the tag CID number, that is, the specified data source corresponding to the first URL data, and allocates a corresponding key, that is, the first key data, to the batch; the key and the CID numbers of each application batch are synchronously backed up on a specified anti-counterfeiting information server on the server side. During each verification, the NFC tag 11 generates a one-time dynamic key (a fresh key for every verification), that is, the first dynamic key data, from a random number generated at that moment, that is, the first dynamic ID data, combined with the first CID data. With the first dynamic key data it encrypts the second UID data, composed of the first UID data and the first counter data, to generate a ciphertext that differs every time, that is, the first dynamic ciphertext data, and then sends the first dynamic ID data, the first dynamic ciphertext data and the first URL data to the verification server 13 through the NFC read-write device 12 for verification. This processing mode, on the one hand, securely packages the transmitted verification data and improves the security of data transmission; on the other hand, the stored key is not used directly to package the verification data; instead, the one-time dynamic key generated by key dispersion is used, which makes it harder to recover the stored key from captured ciphertext and raises the protection level of the stored key.
In a specific implementation manner of the embodiment of the present invention, the NFC tag 11 is specifically configured to perform data assembly processing on the first dynamic ID data and the first CID data according to a preset first process key assembly rule to generate corresponding first process key data when performing key dispersion processing on the first key data according to the first dynamic ID data and the first CID data; and encrypting the first key data according to a preset first encryption and decryption algorithm by using the first process key data to generate first dynamic key data.
Here, the embodiment of the present invention supports multiple implementations of key dispersion (the operation commonly called key diversification). One of them forms the first process key data from the first dynamic ID data and the first CID data and encrypts the first key data with the first process key data, thereby dispersing the key. The first encryption and decryption algorithm is conventionally a symmetric encryption algorithm and should at least include the Chinese national cryptographic algorithm SM1. The first process key assembly rule corresponds to the first encryption and decryption algorithm: the assembled length is limited by the key length of that algorithm, and the assembly order can be user-defined. If the assembled result is shorter than the key length of the first encryption and decryption algorithm, a specific padding rule is configured accordingly; if it is longer, a specific compression rule is configured accordingly.
In another specific implementation manner of the embodiment of the present invention, the NFC tag 11 is specifically configured to encrypt the second UID data by using the first dynamic key data according to a preset second encryption and decryption algorithm to generate first dynamic ciphertext data when the second UID data is encrypted by using the first dynamic key data; the second encryption/decryption algorithm comprises at least the cryptographic SM7 algorithm.
(III) Authentication server 13
The verification server 13 is configured to extract first dynamic ID data, first dynamic ciphertext data, and first URL data from the first dynamic verification data when receiving the first dynamic verification data; accessing the appointed anti-counterfeiting information server according to the first URL data to obtain corresponding second CID data and second key data; performing key dispersion processing on the second key data according to the first dynamic ID data and the second CID data to generate corresponding second dynamic key data; decrypting the first dynamic ciphertext data by using the second dynamic key data to generate corresponding third UID data; according to a preset first data assembly mode, carrying out data analysis on the third UID data to obtain corresponding fourth UID data and second counter data; performing comprehensive verification processing on the fourth UID data and the second counter data; if the comprehensive verification processing is successful, generating a new counter value in a local second verification counter storage area, extracting the new counter value as synchronous counter data, and sending a first label verification result consisting of the synchronous counter data and label verification success information to the NFC read-write equipment 12; if the comprehensive verification processing fails, a first tag verification result composed of tag verification failure information is sent to the NFC read-write device 12.
Here, after receiving the first dynamic verification data, the verification server 13 can extract the first dynamic ID data, the first dynamic ciphertext data and the first URL data according to the known data format of the dynamic verification data. As described above, the key of the application batch to which the current NFC tag 11 belongs, that is, the second key data, and the CID number of the current NFC tag 11, that is, the second CID data, can be obtained from the specified anti-counterfeiting information server through the first URL data; under normal conditions, the second CID data should be consistent with the first CID data above, and the second key data with the first key data. Next, the verification server 13 disperses the second key data using the first dynamic ID data and the second CID data, in the same key dispersion manner as the NFC tag 11 side; under normal conditions, the result, that is, the second dynamic key data, should be consistent with the first dynamic key data above. The verification server 13 then performs the inverse of the encryption, that is, decryption, on the first dynamic ciphertext data using the second dynamic key data and the same encryption and decryption algorithm as the NFC tag 11 side; under normal conditions, the decryption result, that is, the third UID data, should be consistent with the second UID data above. The verification server 13 then parses the third UID data according to the first data assembly mode used to assemble the second UID data; under normal conditions, the resulting fourth UID data and second counter data are consistent with the first UID data and the first counter data above, respectively. To confirm this, the verification server 13 performs comprehensive verification on the fourth UID data and the second counter data obtained by parsing. If the comprehensive verification succeeds, the current NFC tag 11 is a legitimate tag, and the verification server 13 sends the tag verification success information to the NFC read-write device 12 together with the latest synchronous counter data, which is used to synchronize the corresponding counter value on the NFC tag 11 side. If the comprehensive verification fails, the current NFC tag 11 is an illegitimate tag, and the verification server 13 sends tag verification failure information to the NFC read-write device 12.
In another specific implementation manner of the embodiment of the present invention, the verification server 13 is specifically configured to perform data splicing processing on the first dynamic ID data and the second CID data according to a preset first process key splicing rule to generate corresponding second process key data when performing key dispersion processing on the second key data according to the first dynamic ID data and the second CID data; and encrypting the second key data according to a preset first encryption and decryption algorithm by using the second process key data to generate second dynamic key data.
Here, as described above, the verification server 13 performs key dispersion on the second key data using the first dynamic ID data and the second CID data in the same key dispersion manner as the NFC tag 11 side, and under normal conditions the result, that is, the second dynamic key data, should be consistent with the first dynamic key data described above.
In another specific implementation manner of the embodiment of the present invention, the verification server 13 is specifically configured to, when decrypting the first dynamic ciphertext data by using the second dynamic key data, decrypt the first dynamic ciphertext data by using the second dynamic key data according to a preset second encryption/decryption algorithm to generate a third UID data; the second encryption and decryption algorithm at least comprises the cryptographic SM7 algorithm.
Here, as described above, the authentication server 13 performs a decryption operation on the first dynamic cipher text data using the second dynamic key data in accordance with the encryption/decryption algorithm in conformity with the NFC tag 11 side, and the decryption result, that is, the third UID data should be in conformity with the second UID data in the foregoing in the normal case.
In another specific implementation manner of the embodiment of the present invention, the verification server 13 is specifically configured to, when performing comprehensive verification processing on the fourth UID data and the second counter data, perform UID validity verification on the fourth UID data by using the UID database, where the UID validity verification succeeds if the fourth UID data already exists in the UID database and fails if it does not; if the UID validity verification fails, the comprehensive verification processing fails; if the UID validity verification succeeds, the counter value in the second verification counter storage area is read to generate corresponding third counter data, and the comprehensive verification processing succeeds if the third counter data is smaller than the second counter data and fails if the third counter data is not smaller than the second counter data.
For UID validity verification, the UID information of the legal NFC tags registered in the system is managed centrally in the UID database: if the fourth UID data can be found in the UID database, the UID is legal; otherwise the tag is illegal. For counter verification, the third counter data should in theory equal the counter value on the NFC tag 11 side before it was incremented by 1, that is, third counter data + 1 = second counter data. In practice, however, because of poor communication and similar causes, the verification server 13 often fails to receive the dynamic verification data that the NFC tag 11 sends through the NFC read-write device 12; the counter value of the NFC tag 11 then keeps accumulating while the counter value on the verification server 13 side does not change. To accommodate this situation, the embodiment of the present invention determines whether the comprehensive verification processing succeeds by checking whether the third counter data is smaller than the second counter data, rather than by checking the theoretical add-1 relationship.
It should be noted that, after confirming that the comprehensive verification processing is successful, the verification server 13 sends a first tag verification result composed of the synchronous counter data and the tag verification success information to the NFC read-write device 12; the NFC read-write device 12 updates the counter value in the first verification counter storage area of the NFC tag 11 according to the synchronous counter data extracted from the first tag verification result, specifically: the NFC read-write device 12 sends a counter synchronization instruction carrying the synchronization counter data to the NFC tag 11; after receiving the counter synchronization instruction, the NFC tag 11 extracts synchronization counter data from the counter synchronization instruction and updates the counter value in the local first authentication counter storage area.
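The exchange described above, from the tag's response to the server's comprehensive verification, as an added example that is not code from the patent. SM1 and SM7 are not publicly specified, so HMAC-SHA256 stands in for both. The splicing rule (dynamic ID || CID), the assembly format (UID || 4-byte counter), the 7-byte UID, the per-UID counter store, the returned sync counter value and all class and function names are assumptions.

```python
import hashlib
import hmac
import os

UID_LEN = 7  # assumed UID length; the patent does not fix one

def diversify_key(root_key: bytes, dynamic_id: bytes, cid: bytes) -> bytes:
    # Process key = dynamic ID || CID (assumed splicing rule); HMAC-SHA256 stands in for SM1.
    return hmac.new(dynamic_id + cid, root_key, hashlib.sha256).digest()[:16]

def stand_in_cipher(key: bytes, data: bytes) -> bytes:
    # Stand-in for SM7: XOR with an HMAC-derived keystream; the same call decrypts.
    stream = hmac.new(key, b"keystream", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class Tag:
    def __init__(self, uid, cid, key, url):
        self.uid, self.cid, self.key, self.url, self.counter = uid, cid, key, url, 0

    def respond(self):
        dynamic_id = os.urandom(8)   # fresh random dynamic ID per verification
        self.counter += 1            # counter is incremented before it is read
        dyn_key = diversify_key(self.key, dynamic_id, self.cid)
        plaintext = self.uid + self.counter.to_bytes(4, "big")  # assumed assembly: UID || counter
        return dynamic_id, stand_in_cipher(dyn_key, plaintext), self.url

class Server:
    def __init__(self, url_records, counters):
        self.url_records = url_records  # URL -> (CID, key), as the anti-counterfeiting server returns
        self.counters = counters        # UID database with a stored counter per UID (assumed layout)

    def verify(self, dynamic_id, ciphertext, url):
        record = self.url_records.get(url)
        if record is None or len(ciphertext) != UID_LEN + 4:
            return False, None
        cid, key = record
        plain = stand_in_cipher(diversify_key(key, dynamic_id, cid), ciphertext)
        uid, counter = plain[:UID_LEN], int.from_bytes(plain[UID_LEN:], "big")
        if uid not in self.counters:          # UID validity verification
            return False, None
        if not self.counters[uid] < counter:  # stored counter must be strictly smaller
            return False, None
        self.counters[uid] = counter          # assumed: the accepted value becomes the sync counter
        return True, counter

def demo():
    uid, cid, key = bytes.fromhex("04a1b2c3d4e5f6"), b"CID-0001", os.urandom(16)  # constructed values
    url = "https://example.invalid/t/0001"
    tag, server = Tag(uid, cid, key, url), Server({url: (cid, key)}, {uid: 0})
    first, lost, third = tag.respond(), tag.respond(), tag.respond()
    results = {"first": server.verify(*first),       # counter 1 > stored 0
               "after_loss": server.verify(*third),  # counter 3 accepted although 2 never arrived
               "replay": server.verify(*third),      # stored 3 is not smaller than 3
               "stale": server.verify(*lost)}        # late message carrying counter 2
    counterfeit = Tag(uid, cid, os.urandom(16), url)  # same UID and CID, different key
    counterfeit.counter = 10
    results["wrong_key"] = server.verify(*counterfeit.respond())
    return results

if __name__ == "__main__":
    print(demo())
```

A response produced under a different key decrypts to a UID that is not in the database, so the UID lookup is what rejects it; the counter comparison is what rejects replayed and stale responses.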
The embodiment of the invention provides an NFC label verification system based on dynamic data, which comprises: NFC label, NFC read-write equipment and authentication server. According to the system, the NFC label is used for replacing the original two-dimensional code on the tobacco commodity, so that the problem that the two-dimensional code in the original scheme is easy to imitate can be solved, and the safety of commodity counterfeit verification can be enhanced by utilizing an NFC label verification mechanism of the system.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read-Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (5)

1. A system for NFC tag verification based on dynamic data, the system comprising: an NFC tag, NFC read-write equipment and a verification server;
the NFC read-write equipment is connected with the NFC label through a Near Field Communication (NFC) protocol and is connected with the verification server through a wireless or wired network; the NFC read-write equipment is used for sending a first verification instruction to the NFC tag; receiving first dynamic verification data sent back by the NFC label; sending the first dynamic verification data to the verification server; receiving a first label verification result sent back by the verification server; identifying the first tag verification result; if the first tag verification result contains preset tag verification success information, displaying information that the tag verification passes, and updating a counter value of a first verification counter storage area of the NFC tag according to synchronous counter data extracted from the first tag verification result; if the first label verification result contains preset label verification failure information, performing information display processing on label verification failure;
wherein the local storage area of the NFC tag comprises a UID storage area, a CID storage area, a key storage area, the first authentication counter storage area and an NDEF storage area; the UID storage area, the CID storage area and the key storage area are read-only storage areas; the NDEF storage area comprises storage data with a data format of URL data format;
the NFC tag is used for generating random dynamic ID data to obtain corresponding first dynamic ID data when receiving the first verification instruction, and adding 1 to the counter value of the first verification counter storage area; reading the stored data of the UID storage area, the CID storage area, the key storage area and the first verification counter storage area to generate corresponding first UID data, first CID data, first key data and first counter data; reading the specified data source with the data format being the URL data format in the NDEF storage area to generate corresponding first URL data; performing key distribution processing on the first key data according to the first dynamic ID data and the first CID data to generate corresponding first dynamic key data; according to a preset first data assembly mode, carrying out data assembly on the first UID data and the first counter data to generate corresponding second UID data; encrypting the second UID data by using the first dynamic key data to generate corresponding first dynamic ciphertext data; sending back the first dynamic verification data consisting of the first dynamic ID data, the first dynamic ciphertext data and the first URL data to the NFC read-write equipment;
the NFC tag is specifically configured to perform data splicing processing on the first dynamic ID data and the first CID data according to a preset first process key splicing rule to generate corresponding first process key data when performing key distribution processing on the first key data according to the first dynamic ID data and the first CID data; encrypting the first key data according to a preset first encryption and decryption algorithm by using the first process key data to generate first dynamic key data;
the NFC tag is specifically configured to encrypt the second UID data by using the first dynamic key data according to a preset second encryption and decryption algorithm to generate first dynamic ciphertext data when the second UID data is encrypted by using the first dynamic key data; the second encryption and decryption algorithm at least comprises a cryptographic SM7 algorithm;
the first URL data and the first CID data are in one-to-one correspondence;
the first encryption and decryption algorithm comprises a cryptographic SM1 algorithm.
2. The dynamic data based NFC tag verification system of claim 1,
the verification server is used for extracting first dynamic ID data, first dynamic ciphertext data and first URL data from the first dynamic verification data when receiving the first dynamic verification data; accessing the appointed anti-counterfeiting information server according to the first URL data to obtain corresponding second CID data and second key data; performing key dispersion processing on the second key data according to the first dynamic ID data and the second CID data to generate corresponding second dynamic key data; decrypting the first dynamic ciphertext data by using the second dynamic key data to generate corresponding third UID data; performing data analysis on the third UID data according to a preset first data assembly mode to obtain corresponding fourth UID data and second counter data; performing comprehensive verification processing on the fourth UID data and the second counter data; if the comprehensive verification processing is successful, generating a new counter value in a local second verification counter storage area, extracting the new counter value as the synchronous counter data, and sending a first tag verification result consisting of the synchronous counter data and the tag verification success information to the NFC read-write equipment; and if the comprehensive verification processing fails, sending the first tag verification result consisting of the tag verification failure information to the NFC read-write equipment.
3. The dynamic data based NFC tag verification system of claim 2,
the verification server is specifically configured to perform data splicing processing on the first dynamic ID data and the second CID data according to a preset first process key splicing rule to generate corresponding second process key data when performing key distribution processing on the second key data according to the first dynamic ID data and the second CID data; and encrypting the second key data according to a preset first encryption and decryption algorithm by using the second process key data to generate second dynamic key data.
4. The dynamic data based NFC tag verification system of claim 2,
the authentication server is specifically configured to decrypt the first dynamic ciphertext data by using the second dynamic key data according to a preset second encryption and decryption algorithm to generate the third UID data when the decryption processing is performed on the first dynamic ciphertext data by using the second dynamic key data; the second encryption and decryption algorithm at least comprises a cryptographic SM7 algorithm.
5. The dynamic data based NFC tag verification system of claim 2,
the authentication server is specifically configured to perform UID validity authentication on the fourth UID data by using a UID database when performing comprehensive authentication processing on the fourth UID data and the second counter data, where the UID validity authentication is successful if the fourth UID data exists in the UID database, and the UID validity authentication is failed if the fourth UID data does not exist in the UID database; if the UID validity verification fails, the comprehensive verification processing fails; if the UID validity verification is successful, reading the counter value in the second verification counter storage area to generate corresponding third counter data, if the third counter data are smaller than the second counter data, the comprehensive verification processing is successful, and if the third counter data are not smaller than the second counter data, the comprehensive verification processing is failed.
CN202210080207.9A 2022-01-24 2022-01-24 NFC label verification system based on dynamic data Active CN114492489B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210080207.9A CN114492489B (en) 2022-01-24 2022-01-24 NFC label verification system based on dynamic data


Publications (2)

Publication Number Publication Date
CN114492489A CN114492489A (en) 2022-05-13
CN114492489B CN114492489B (en) 2022-10-21

Family

ID=81474148


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant